You can configure GigaSMART engine resources on GigaVUE‑HC1 to reduce the Inline TLS/SSL resource utilization by 50% and use the rest of the resource to configure the other GigaSMART applications. The Inline TLS/SSL application runs in the following two modes:
|
■
|
Standalone mode Enabled—The Inline TLS/SSL feature takes the entire GigaSMART engine resource. By default standalone mode is enabled for Inline TLS/SSL. |
|
■
|
Standalone mode Disabled—The GigaSMART engine resource allocated for Inline TLS/SSL feature is reduced to 50% and the residual GigaSMART engine resource can be configured for other GigaSMART applications. |
On GigaVUE‑HC1, you can configure the following GigaSMART applications along with the Inline TLS/SSL feature:
|
o
|
De-duplication (SMT-HC1-DD1) |
|
o
|
NetFlow Generation (SMT-HC1-NF1) |
|
o
|
BSE Combo (SMT-HC1-BSE) - Masking, Slicing, and Trailer |
|
o
|
Header-stripping (SMT-HC1-HS1) |
|
o
|
Flow Sampling (SMT-HC1-FVU) |
|
o
|
Tunneling, ERSPAN (SMT-HC1-TUN) |
Limitations
- It is not recommended to configure Inline TLS/SSL feature with other GigaSMART applications, except the applications listed above.
- The Passive TLS/SSL decryption is not recommended to be configured with Inline TLS/SSL feature and combination of NetFlow and Passive or DSSL TLS/SSL decryption do not work with the Inline TLS/SSL.
- For inline TLS/SSL decryption, Internet connectivity to GigaSMART and clustering is not supported on the same interface, for example, eth2.
Enable Standalone mode for Inline TLS/SSL decryption
To enable Standalone mode for Inline TLS/SSL decryption on GigaVUE‑HC1:
|
1.
|
From the GigaVUE‑HC1 device view, select GigaSMART > GigaSMART Groups > GigaSMART Groups. |
|
2.
|
Click New to create a new GigaSMART group or click Edit to modify an existing GigaSMART group. |
|
3.
|
Go to Inline SSL under GigaSMART Parameters, and select Standalone. |